Remove problematic SCSS file #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Container Images | |
| on: | |
| push: | |
| branches: [ main ] | |
| tags: [ 'v*' ] | |
| workflow_dispatch: | |
| # Set explicit permissions - only grant what's needed | |
| permissions: | |
| contents: read # Needed to check out the repository | |
| packages: write # Needed to push to GitHub Container Registry | |
| # The following permissions are NOT needed and should remain at default (none): | |
| # - issues | |
| # - pull-requests | |
| # - actions | |
| # - security-events | |
| # - id-token | |
| # - deployments | |
| jobs: | |
| push-to-registry: | |
| name: Push containers to GitHub Container Registry | |
| runs-on: ubuntu-latest | |
| # Job-level permissions are already set at workflow level | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Create certificate file for build | |
| env: | |
| CA_BUNDLE: ${{ secrets.CA_BUNDLE }} | |
| CA_BUNDLE_PART1: ${{ secrets.CA_BUNDLE_PART1 }} | |
| CA_BUNDLE_PART2: ${{ secrets.CA_BUNDLE_PART2 }} | |
| CA_BUNDLE_PART3: ${{ secrets.CA_BUNDLE_PART3 }} | |
| CA_BUNDLE_PART4: ${{ secrets.CA_BUNDLE_PART4 }} | |
| CA_BUNDLE_PART5: ${{ secrets.CA_BUNDLE_PART5 }} | |
| CA_BUNDLE_PART6: ${{ secrets.CA_BUNDLE_PART6 }} | |
| CA_BUNDLE_PART7: ${{ secrets.CA_BUNDLE_PART7 }} | |
| CA_BUNDLE_PART8: ${{ secrets.CA_BUNDLE_PART8 }} | |
| CA_BUNDLE_PART9: ${{ secrets.CA_BUNDLE_PART9 }} | |
| run: | | |
| # Use the dedicated script to assemble certificates with validation | |
| ./scripts/assemble-certificates.sh --verify | |
| # Show the assembled certificate info | |
| ls -la certs/org/ | |
| - name: Prepare Dockerfiles | |
| run: | | |
| # Instead of relying on symlinks, directly reference the actual files | |
| echo "Using Dockerfile for full build" | |
| echo "Using Dockerfile.optimized for minimal build" | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=sha,format=long | |
| - name: Build and push minimal container | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| # Directly use the actual Dockerfile.optimized instead of a symlink | |
| file: ./Dockerfile.optimized | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:minimal | |
| ${{ steps.meta.outputs.tags }}-minimal | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Build and push full container | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| # Directly use the actual Dockerfile instead of a symlink | |
| file: ./Dockerfile | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:latest | |
| ghcr.io/${{ github.repository }}:full | |
| ${{ steps.meta.outputs.tags }}-full | |
| labels: ${{ steps.meta.outputs.labels }} | |
| build-args: | | |
| BUILD_TYPE=full | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max |